RE: DCpromo issue. Health check on AD and group policy.


Hi Meinholf and Hello IT Team Queensbridge.bham.sch.uk

Since Repadmin was not looking great to say the least, check FRS and AD evt
logs on the other intrastire DC's for failures creating connection objects
with NED. Presuming that NED was recently promo'd out and in again (I'm
really hoping)

I have a recollection of this issue after I removed a DC via DCPROMO and
within 20minutes I DCpromo'd the new Hardware in as the exact same name. What
happened then was GUID/CNAMES in DNS were 100% right for the new DC, but
every DC whether Intra or Intersite that was a direct replication partner
with the he renewed DC simply would not allow the new DC to create new
inbound connection objects (You can't even via manual methods). Every DC that
was a replication partner of the DC before removing it obviously continued
repl via KCC auto generated connection objects to another preferred bridge
head. I eventually found nothing on the internet to help, but what I did do
next was user repadmin /expertuser switch and users the following cowboy
trick (Int the LAB first, managed to replicate exact problem luckily):

/delrepsto <Naming Context> <DC> <Reps-To DC> <Reps-To DC GUID>
Examples:
Naming Context <DC=TESTDOM,DC=LOCAL >
<DC> done at each DC that was a pervious repl partner
<repsto dc> this will most definitely be NED in every run of the commands on
each old partners. And check intrasite DC's FRS/AD eventlogs on each DC to
see if their is an issue showing the old GUID/CNAME in the events. This GUID
will be the buid use supply for <Reps-To DC GUID>

Now I scripted this as the forest has over 200 DC's and due to lack of RAM /
perf on most DC's, KCC was not autogening connection obj's. 90 % of the dc's
used this DC as a bridgehead (Manually set seince we were still on 2000 AD
and it's hidden agenda, we had switched KCC &ISTG off and every connection
object was manual (This is how I know that not even a manual obj creation
helps to trick).

To add to my missery, when I spotted the errors after the new DC's promo. I
dcpromo'd out again and then there were now 2 wrong outdated GUID to remove.
I don't think the /delrepsto <Naming Context> <DC> <Reps-To DC> <Reps-To DC
GUID> way is complex, just guid's burnt into you retinas if manually done.
But you are small, so if this pie in the sky theory is write, each DC
Intrasite show hhave some eventlogs, hopefully showing the antiquated GUID's.
Since each other site had one or more DC's, only one is generally in need of
attention, the Bridgehead which KCC selects. KCC does the KCC thing every 15
minutes and will auto gen the new "true" connetion objects at those
intervals,

Also, who's the RID master, is he UP?

Root Cause Analysis of my issue, A bit of a thumb suck, I has just arrived
at the clients site and I have never seen the monetuos amount of linger
objects in AD, maybe that cintributed, I douted that, I then thought through
a personally created issue, I took the HDD's out of the old DC and added them
to the new server so as to mirrow the OS and current configs and then
promoted it in with 20mins. By this stage, the mirrors had completed sync and
pulled the old hdd's out. You may think this is menial, but in my VM labs, I
often promo one out then straigh back in, and have noticed similar issues
eventing. Apparently the now member server keeps it AD settings and what you
should do is promo it 1st into another new dummy.junk domain and promo it out
and reboot. All the "so called" domain history is now gone from registry etc.
I do not know what exacts around documented around that issue, maybe some of
the MVP can comment/ drill me/thrill me

Regards





Garry Starck
MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA


"Meinolf Weber [MVP-DS]" wrote:

Hello IT Team Queensbridge.bham.sch.uk ITTeamQueensbridgebhamschukdiscussions.microsoft.com,

Also do not forget the other questions and outputs, especially when the other
output is to big to post use the dcdiag /v /c on each DC separate and also
netdiag /v.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Hi

We have 2 DNS servers (bart and NED), Bart is the primary DNS server
and is the first DC in the domain. NED is the DC which isn't
replicating but is also a DNS server.

Please find ipconfig /all outputs from both servers

BART

indows IP Configuration

Host Name . . . . . . . . . . . . : bart

Primary Dns Suffix . . . . . . . : QUEENSBRIDGE.PRI

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : QUEENSBRIDGE.PRI

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network
Connection

Physical Address. . . . . . . . . : 00-11-2F-63-BC-9B

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.122.84.51

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 10.122.84.50

DNS Servers . . . . . . . . . . . : 10.122.84.51

10.122.84.58

NED

Windows IP Configuration

Host Name . . . . . . . . . . . . : ned

Primary Dns Suffix . . . . . . . : QUEENSBRIDGE.PRI

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : QUEENSBRIDGE.PRI

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8169/8110 Family
Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-0F-B5-09-A5-2C

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.122.84.58

Subnet Mask . . . . . . . . . . . : 255.255.252.0

Default Gateway . . . . . . . . . : 10.122.84.50

DNS Servers . . . . . . . . . . . : 10.122.84.51




.

Relevant Pages

  • RE: DCpromo issue. Health check on AD and group policy.
    ... new DC to create new inbound connection objects (You can't even via ... RAM / perf on most DC's, KCC was not autogening connection obj's. ... We have 2 DNS servers, Bart is the primary DNS server ...
    (microsoft.public.windows.server.active_directory)
  • Re: How long do GPTs take to replicate?
    ... Changing the replication interval for a site link has no bearing on whether ... or not the KCC manages connection objects. ... connection object, or manually creating one, has any bearing on how the KCC ...
    (microsoft.public.windows.server.active_directory)
  • Re: How long do GPTs take to replicate?
    ... Paul Williams wrote: ... or not the KCC manages connection objects. ... connection object, or manually creating one, has any bearing on how the KCC ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cannot connect to the Internet
    ... Connection 2 Status icon shows "Connected" with a speed of 10.0 Mbps, ... The master browser has received a server announcement from the ... service will not use the network to avoid further network performance ... IE browser that prevents the IE browser from finding the DNS server. ...
    (microsoft.public.mac.virtualpc)
  • Re: My ICS connection - still from hell.
    ... HUMUNGOUS with WinXP Pro SP2 with adsl connection. ... Alternate DNS server is 10.1.1.1. ... I have Zonealarm running however the problem isn't ... I don't consider the Windows Firewall to be adequate ...
    (microsoft.public.windowsxp.network_web)